Mailing-List: contact cygwin-help AT sourceware DOT cygnus DOT com; run by ezmlm
List-Subscribe: <mailto:cygwin-subscribe AT sources DOT redhat DOT com>
List-Archive: <http://sources.redhat.com/ml/cygwin/>
List-Post: <mailto:cygwin AT sources DOT redhat DOT com>
List-Help: <mailto:cygwin-help AT sources DOT redhat DOT com>, <http://sources.redhat.com/ml/#faqs>
Sender: cygwin-owner AT sources DOT redhat DOT com
Delivered-To: mailing list cygwin AT sources DOT redhat DOT com
Message-ID: <26370583.965423060526.JavaMail.imail@scorch.excite.com>
Date: Fri, 4 Aug 2000 14:04:19 -0700 (PDT)
From: Bob Heckel <BHeckel AT excite DOT com>
Reply-To: <bheckel AT excite DOT com>
To: cygwin AT sourceware DOT cygnus DOT com
Subject: inetd security hole?
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
X-Mailer: Excite Inbox
X-Sender-Ip: 202.252.212.40

I just set up inetd-1.3.2-5p1 as a service on my W2K box.  My
thanks to the Cygwin team.  Great job on this piece.  There
may, however, be a security hole for some people.  I was
able to FTP from a remote Unix box to my Cygwin W2K box
simply by using user guest and password (enter).  Had to
delete the Guest entry from /etc/passwd to close the hole.

I may not be configured properly and your system may be
different but I wanted to make sure no one is accidently
exposed to trouble.  I checked the mailing list search
engine prior to posting this and didn't see any warnings regarding this
issue.

Bob Heckel





_______________________________________________________
Say Bye to Slow Internet!
http://www.home.com/xinbox/signup.html


--
Want to unsubscribe from this list?
Send a message to cygwin-unsubscribe AT sourceware DOT cygnus DOT com